Hi Abhishek,
On 8/25/23 11:28 AM, Abhishek Madan wrote:
Summary
Total Cookie Protection has been enabled by default in Firefox 103.
Users now have storage partitioning which protects them from
third-party tracking. However, Blob URLs remain unpartitioned and
hence still put our users at risk because a Blob can be used as a
tracking factor.
To close this loophole, we can partition Blob URLs by using the
partitioning key (top-level domain). Entailing, the blob URL will be
double-keyed, so blob URLs can only be resolved if the top-level
domain is the same as the top-level domain where the blob URL was
created.
Standard:
https://github.com/w3c/FileAPI/issues/153
<https://github.com/w3c/FileAPI/issues/153>
This is just an issue, rather than a standard. Do you intend to update
the spec to match what you're shipping? (I didn't see any relevant PRs,
but I might have missed one.)
best,
Mike
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/232f431e-56ef-49cf-b009-aa747b1a7b92%40chromium.org.
